156 matches found
MAL-2026-5496 Malicious code in @validate-ethereum-address/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31c6ff12976558c9f1b005e95ad8a4c3b366723f0a1409d73f904f568be326cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-4844 Malicious code in @polka-ui/reco (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 748e9209b5841d7276bc8325c476b21c3061fdc37dc9db0280f033ba9badc8c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in jwscube (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 325d4311f3dd1d82c8f9ee1ddc19a767eb69adf0a338625c8ce1e9d40062dec7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tallyui/pos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5279d1272d0ce8f67df10c573ffad904cc0db1c047aad8cea501e1068564361e The package @tallyui/pos was found to contain malicious code. Source: ghsa-malware 1a3e5194d9053a2e2e63e6d5b98d169d862ad969c78986fac81af7ee2557f4b5 A...
Malicious code in @squawk/units (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39aaec9f38434cc7c5012cfde1e1156723d161341b897788e743f6360f369e71 The package @squawk/units was found to contain malicious code. Source: ghsa-malware 464a63d0dfe63cb91f03d50ef10143eae2c9d581998ff6025ba48e18c8d89ed5...
Malicious code in apple-infra-stealth-audit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62019b469ab2852a4c8a4453043d5452768c2ac046ad1dc258366eac98de24ac The package apple-infra-stealth-audit was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2991 Malicious code in pgserve (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48b943e993f7a62fe43ad9c5412ad1750fd3d5a8cd5214988b16caf78f4a06d The package pgserve was found to contain malicious code. Source: ghsa-malware 3eb07d42183ec3a63a62edc4353d8dbaa85afd8c1830fa5b6ef2617fb5a2b3e0 Any...
MAL-2026-2942 Malicious code in optimized-fastest-levenshtein (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad1df5ecfcba26f63d6afe82b0b81c718ed915074e7e2a1eec30d7fd6815be5 The package optimized-fastest-levenshtein was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2674 Malicious code in chief-proxy-out (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b408fee03920bbac11e3f3e2a31fa1948a9d1b99041e54c1e10ba0f5e8cf949 The package chief-proxy-out was found to contain malicious code. Source: ghsa-malware cc92974c8b9f8dc914e29b747314307d52026764bd99c484f10fad298df29f6...
MAL-2026-2641 Malicious code in chai-as-refined (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc7bd5b01fccd5ef5cc96d9a4eecf5801c6b34a062718a2131d2b2abb7a93191 The package chai-as-refined was found to contain malicious code. Source: ghsa-malware 5a69e4e0dbfe130a3d5da8413eb7ad9a490dc1874ee69ef385156479b365da4...
Malicious code in @dtc-campaign-wizard/campaign-wizard (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 99f551e16bdd57ec65154ddd0b1ebe5a701abe98d86f25490fb3c36b19e9fa41 The package @dtc-campaign-wizard/campaign-wizard was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2573 Malicious code in @aircall-ecosystem/integrations-msteams-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4343cd15bb1d3104166b2ddf4f549bc184fde49233b5cfba97f353f00a8c2a2e The package @aircall-ecosystem/integrations-msteams-frontend was found to contain malicious code. Source: ghsa-malware...
Malicious code in node-coremesh (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c5a0cdd89bf30a4af39a8b084445dc8db5a9433149b2935e8c2ad63a3cef008 The package node-coremesh was found to contain malicious code. Source: ghsa-malware f8ed9a272c9d2d960b2ddae6ef1f7128ff576014f4d3c296ca2b6d74eaea4ceb...
Malicious code in super-alias (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10ee12ec5ce74c0899ed60e17d1baf7095efc7ab305e51d4fcf20db72306621f The package super-alias was found to contain malicious code. Source: ghsa-malware 2c8c29e0ebca0170c77383154e5c6f2fe5280412fea18d255b496b94ae0aac5f An...
Malicious code in @emilgroup/billing-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91fdd5297b7532183f2b29871b23802ced24b046c92f2826618bc083dd243620 The package @emilgroup/billing-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1452 Malicious code in @sheniraid/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f232c1235fdee715d838e2f39abd6c3510308c313c075458df080ce28a4c26fa The package @sheniraid/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in syntax-class-constructor-call (npm)
The package 'syntax-class-constructor-call' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
MAL-2026-1268 Malicious code in @shenira/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37c19428681ab141c5cbfe55488bba7fb3d752e39dcffc01da944544bc0b104b The package @shenira/libsignal-node was found to contain malicious code. Source: ghsa-malware...
Malicious code in mongos-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6580043c6aae1e9b2a53c9656a14b094f0e3b00ea7728457e4f2f2e46458358 The package mongos-api was found to contain malicious code. Source: ghsa-malware 7bf084b38089206dc3a1aea5fa3a424ca23992e8a695031b17b8a2bb85fd491d Any...
MAL-2026-1006 Malicious code in chai-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 27a98b20486f7e7fafdfb30cb31c6f9aaf7d2e05e776a7d59b09dfd9db11e12f The package chai-tools was found to contain malicious code. Source: ghsa-malware cd9e9e8b30b139d7ad4bcef06753d2e9b1896845322a40e0cf0ff862adbcb3d8 Any...